package com.servicecloud.provider.config;

import javax.annotation.Resource;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

/**
 * 作用：<br>
 * 进行服务的安全访问配置，公共模块
 * 
 * @author Gavin<br>
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
//	@Override
//	public void configure(WebSecurity web) throws Exception {
//		web.ignoring().antMatchers("/hystrix.stream", "/..");// 设置哪些路径不需要安全策略，不推荐使用
//	}

	@Resource
	public void configGlobal(AuthenticationManagerBuilder auth) throws Exception {
		// 这儿配置的是zuul访问的安全配置信息
		auth.inMemoryAuthentication().withUser("springcloudzuul").password("service").roles("USER").and()
				.withUser("admin").password("hello").roles("USER", "ADMIN");
//		auth.inMemoryAuthentication().withUser("springcloud").password("service").roles("USER").and()
//		.withUser("admin").password("hello").roles("USER", "ADMIN");
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// 表示所有的访问都必须进行认证处理后才可以正常进行
		// note：针对微服务来说应该禁止csrf跨域的限制
		http.httpBasic().and().authorizeRequests().anyRequest().fullyAuthenticated().and().csrf().disable();
		// 所有的Rest服务一定要设置为无状态，以提升操作性能
		http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
	}
}
